Privacy Policy

Last updated: February 2026

WhatsAuction ("we", "us", "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and share your data when you use our platform at whatsauction.co.za and related services (the "Service").

This policy is drafted in compliance with the Protection of Personal Information Act, 2013 (POPIA) of South Africa. By using our Service, you consent to the practices described in this policy.

1. Responsible Party

For the purposes of POPIA, the responsible party is:

Name: WhatsAuction
Email: hello@whatsauction.co.za
WhatsApp: +27 69 059 5731
Website: whatsauction.co.za
Country: South Africa

2. What Personal Information We Collect

We collect the following categories of personal information:

Category	Data Collected	Purpose
Account Information	Name, email address, password (hashed), phone number	Account creation, authentication, communication
Organisation Data	Business name, contact details	Multi-user organisation management
Bidder Information	Name, WhatsApp ID/phone number, email address, physical address	Bidder registration, invoicing, delivery
Auction & Bid Data	Auction details, lot listings, bid amounts, bid timestamps	Auction management, bid tracking, dispute resolution
Invoice & Payment Data	Invoice details, payment status, PayFast transaction references	Billing, payment processing, financial records
WhatsApp Messages	Messages from linked WhatsApp groups (bids, commands, auction-related messages)	Bid capture, auction facilitation, command processing
Usage Data	IP address, browser type, pages visited, access times	Analytics, security, service improvement

3. How We Use Your Information

We process your personal information for the following lawful purposes under POPIA:

Contract performance: To provide and operate the auction management platform, process bids, generate invoices, and facilitate payments
Legitimate interest: To improve our Service, prevent fraud, ensure platform security, and provide customer support
Legal obligation: To comply with applicable South African laws, including tax and financial regulations
Consent: To send you marketing communications (only with your explicit consent; you may withdraw at any time)

4. Third-Party Sharing

We share your personal information only with the following third parties, and only to the extent necessary to provide our Service:

Third Party	Data Shared	Purpose
PayFast	Invoice amounts, payment references, buyer email	Payment processing
WhatsApp / Meta	Messages sent via WhatsApp Business API	Auction messaging, bid capture
Zoho	Email address, name	Transactional email delivery (invoices, notifications)

We do not sell, rent, or trade your personal information to any third party for marketing purposes. We may disclose information if required by law, court order, or to protect our legal rights.

5. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes described in this policy:

Account data: Retained while your account is active and for up to 12 months after deletion, to allow for account recovery
Auction & bid data: Retained for 3 years after the auction closes, for dispute resolution and record-keeping
Invoice & payment data: Retained for 5 years as required by South African tax legislation (Tax Administration Act)
WhatsApp messages: Retained for the duration of the auction plus 12 months, then automatically purged
Usage/analytics data: Retained for up to 24 months in anonymised form

When data is no longer needed, it is securely deleted or anonymised.

6. Your Rights Under POPIA

As a data subject under POPIA, you have the right to:

Access: Request confirmation of what personal information we hold about you and receive a copy
Correction: Request correction or updating of inaccurate, incomplete, or misleading personal information
Deletion: Request deletion of your personal information where it is no longer necessary for the purpose it was collected, subject to legal retention requirements
Objection: Object to the processing of your personal information on reasonable grounds
Restriction: Request that we restrict processing in certain circumstances
Data portability: Request your data in a structured, commonly used format
Withdraw consent: Where processing is based on consent, withdraw that consent at any time
Complaint: Lodge a complaint with the Information Regulator of South Africa if you believe your rights have been violated

To exercise any of these rights, contact us at hello@whatsauction.co.za. We will respond within 30 days as required by POPIA.

7. Information Regulator

If you are not satisfied with our response to a data request, you may contact the Information Regulator (South Africa):

Website: inforegulator.org.za
Email: complaints.IR@justice.gov.za

8. Cookies & Tracking

Our Service uses the following types of cookies and similar technologies:

Essential cookies: Required for authentication, session management, and security. These cannot be disabled.
Analytics cookies: Help us understand how visitors use the Service. Data is collected in aggregate and anonymised.

We do not use third-party advertising cookies or cross-site tracking. You can manage cookie preferences through your browser settings.

9. Security Measures

We take the security of your personal information seriously. Our measures include:

Encryption: All data in transit is encrypted using TLS/SSL (HTTPS). Passwords are hashed using industry-standard algorithms.
Access control: Access to personal information is restricted to authorised personnel on a need-to-know basis.
Infrastructure: Our servers are hosted in secure data centres with appropriate physical and network security.
Monitoring: We monitor for suspicious activity and security incidents.
Incident response: In the event of a data breach, we will notify affected individuals and the Information Regulator as required by POPIA.

While we implement reasonable safeguards, no system is 100% secure. We encourage you to use strong passwords and protect your account credentials.

10. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we discover that we have inadvertently collected data from a minor, we will delete it promptly.

11. Cross-Border Data Transfers

Some of our third-party service providers (such as Meta/WhatsApp and Zoho) may process data outside of South Africa. Where this occurs, we ensure that adequate safeguards are in place as required by Section 72 of POPIA, including ensuring the recipient is subject to comparable data protection laws or binding agreements.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the Service at least 14 days before taking effect. The "Last updated" date at the top of this page indicates the most recent revision.

13. Contact Us

For any questions, concerns, or requests related to your personal information or this Privacy Policy, contact us at:

Email: hello@whatsauction.co.za
WhatsApp: +27 69 059 5731
Website: whatsauction.co.za

For data-related requests (access, correction, deletion), please email us with the subject line "POPIA Data Request" and we will respond within 30 days.